Even though the Drobo is supposed to be a pretty rock-solid tool for backing up your files, there are still plenty of reasons why one would want to keep a copy of those files elsewhere just in case. For example, what would happen if there is a fire and your Drobo is damaged. Are you […]
I absolutely love my job and one of the coolest things about what I do is getting to do proof-of-concepts with bleeding edge technology. I feel very privileged that many companies out there respect me enough to provide me with these opportunities and I feel that engaging on this level enables me to be a […]
A couple of years ago I decided, along with support from my management, that Enterprise Risk Management would become a focal point for my Information Security Program. I was convinced that framing vulnerabilities in the form of risks was essential to giving management visibility into issues they currently didn’t know existed and to give our […]
Let’s say that you go to the same restaurant at least once a week for an entire year. The staff is always friendly, the menu always has something that sounds appealing, and the food is always good enough to keep you coming back for more. The only real drawback is that it usually takes a […]
I recently had the opportunity to play with a data analytics platform called LYNXeon by a local company (Austin, TX) called 21CT. The LYNXeon tool is billed as a “Big Data Analytics” tool that can assist you in finding answers among the flood of data that comes from your network and security devices and it […]
I had a meeting yesterday with a vendor who sells a SaaS solution for binary application vulnerability testing. They tell a very interesting story of a world where dynamic testing (“black box”) takes place alongside static testing (“white box”) to give you a full picture of your application security posture. They even combine the results […]
A year ago I wrote about Oracle’s plan on how to combine BEA Weblogic and OAS. A long time went by before any more information appeared – we met with our Oracle reps last week to figure out what the deal is. The answer wasn’t much more clear than it was way back last year. […]
I’ve had a couple of discussions lately about customized Apache error pages that prompted me to do a little bit of research on it. What I’ve come up with is somewhat interesting so I thought I’d share it with everyone. First, it is not technically possible to tell Apache to serve up a different error […]
The 1.0 release of Google Chrome has everyone abuzz. Here at NI, loads of people are adopting it. Shortly after it went gold, we started to hear from users that they were having problems with our internal collaboration solution, based on the Atlassian Confluence wiki product. They’d hit a page and get a terse error, […]
I’ve been really surprised that for as long as I’ve been active with OWASP, I’ve never seen a proxy presentation. After all, they are hugely beneficial in doing web application penetration testing and they’re really not that difficult to use. Take TamperData for example. It’s just a firefox plugin, but it does header, cookie, get, […]
